How to disable Triple DES 168 on Windows

You are disabling some ciphers (e.g. DES 56/56, RC2 40/128, RC2 128/128, RC4 40/128, RC4 56/128, RC4 64/128, RC4 128/128) in order to harden your server OS. However, you are unable to disable Triple DES 168, and every vulnerability report still shows it as active.

You tried to disable Triple DES 168 via the "SCHANNEL\Ciphers\Triple DES 168/168" subkey, which is mentioned in Microsoft KB 245030 (or set by Nartac IIS Crypto version 1.6). In more detail, you set the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:00000000

After you implemented the above (and performed a full OS reboot), an Nmap scan (on the RDP port) shows the following:

If you now delete the above registry key and create the following one instead:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000

then reboot the computer and run a new Nmap scan, you now see the following:

Conclusion: it looks like there is a small bug in the Microsoft documentation, and multiple other websites, documents and blogs picked it up without checking it. So remove the "/168" part from your registry key, reboot the computer, and Triple DES is gone.

As long as other ciphers are available, disabling 3DES will not break RDP. And if you run a very uncommon configuration (e.g. some 3rd-party apps), you can quickly remove the registry key, reboot the server and have the old state back.
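
The registry change described above can be scripted. The following PowerShell is an added example, not part of the original article or of any Microsoft or Nartac tooling; it assumes an elevated session and uses the .NET registry API, because the PowerShell registry provider treats the "/" in a key name as a path separator.

```powershell
# Added example. Run from an elevated prompt; a reboot is still required
# afterwards, as the article notes.
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$wrongName   = 'Triple DES 168/168'  # key name the article found to have no effect
$rightName   = 'Triple DES 168'      # key name the article found to work

# CreateSubKey opens the key for writing and creates it only if it is missing.
$ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
try {
    # 1. Report what is configured now, so the change can be reviewed and undone.
    foreach ($name in $ciphers.GetSubKeyNames()) {
        $sub = $ciphers.OpenSubKey($name)
        $enabled = $sub.GetValue('Enabled')
        $sub.Close()
        if ($null -eq $enabled) { $enabled = '(not set)' }
        '{0,-22} Enabled = {1}' -f $name, $enabled
    }

    # 2. Remove the key with the "/168" suffix, if present.
    if ($ciphers.GetSubKeyNames() -contains $wrongName) {
        Write-Warning "Removing '$wrongName': it does not disable 3DES."
        $ciphers.DeleteSubKeyTree($wrongName)
    }

    # 3. Create the working key and set Enabled to DWORD 0.
    $key = $ciphers.CreateSubKey($rightName)
    $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
    "Set '$rightName' Enabled = 0. Reboot, then rescan to confirm."
}
finally {
    $ciphers.Close()
}
```

To return to the old state, delete the "Triple DES 168" key and reboot.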